Hello,
I am trying to make a servlet that would have security. When you try to access it, a box pops up with login and password boxes. The thing is that it doesn't appear for me. When I try to access the page, I get an error like this:
The way I am trying to do it:
The servlet:

    import java.io.*;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ProtectedPage extends HttpServlet {
        Hashtable<String, String> users = new Hashtable<String, String>();

        public void init(ServletConfig config) throws ServletException {
            super.init(config);
            // Remember that names and password are case sensitive !
            users.put("MyName:MyPassword", "allowed");
        }

        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException {
            doGet(request, response);
        }

        public void doGet(HttpServletRequest req, HttpServletResponse res)
                throws IOException, ServletException {
            res.setContentType("text/plain");
            PrintWriter out = res.getWriter();
            // Show client data
            String auth = req.getHeader("Authorization");
            if(checkUser(auth)) {
                out.write("\n Authorization Header = " + auth);
                out.write("\n Authorization Type = " + req.getAuthType());
                out.write("\n User Principal = " + req.getUserPrincipal());
                out.write("\n Remote User = " + req.getRemoteUser());
                out.write("\n isSecure = " + req.isSecure());
                out.write("\n Scheme = " + req.getScheme());
            } else {
                res.setHeader("WWW-Authenticate", "FORM realm=\"Customer\"");
                res.sendError(res.SC_UNAUTHORIZED);
            }
        }

        /** This method checks the user Authorization information comparing
         * that with data in users Hashtable.
         * @param auth is a String, representing user Authorization data
         * @return boolean true, if it is allowed to show this page to user.
         */
        protected boolean checkUser(String auth) throws IOException {
            if(auth == null) return false;
            String authType = "BASIC ";
            if(!auth.toUpperCase().startsWith(authType)) return false;
            //Get encoded user and password, comes after authType.
            String userpassEncoded = auth.substring(authType.length());
            //Decode userpassEncoded, using base 64 decoder
            String userpassDecoded = new String(Base64.decode(userpassEncoded));
            System.out.println("userpassDecoded == " + userpassDecoded);
            //Check our user list to see if that user and password are "allowed".
            if("allowed".equals(users.get(userpassDecoded))) return true;
            else return false;
        }
    }

web.xml:

    ...
    <servlet>
        <servlet-name>Protected Page</servlet-name>
        <servlet-class>ProtectedPage</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Protected Page</servlet-name>
        <url-pattern>/ProtectedPage</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Page</web-resource-name>
            <url-pattern>/ProtectedPade</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <security-role>
                <role-name>Customer</role-name>
            </security-role>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    ...

tomcat-users.xml:

    <tomcat-users>
        <role rolename="Customer"/>
        <user username="MyName" password="MyPassword" roles="Customer"/>
    </tomcat-users>
I would really appreciate it if anyone could tell me what I am doing wrong. On Google I can't find anything very useful. I am trying to access the page with Chrome/IE8 browsers. Examples on the website work without problems.
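
For reference, a hand-rolled check of the `Authorization` header like the one in the servlet above can be written as below. This is an added example, not code from the original post: the class and method names (`BasicAuthCheck`, `parse`, `matches`) are hypothetical, and it assumes Java 8+ for `java.util.Base64` in place of the post's `Base64.decode` helper. It uses the `Basic` scheme name in the challenge (RFC 7617), rejects malformed headers instead of throwing, and does not log the decoded credentials.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Value for the WWW-Authenticate header sent with a 401 (scheme "Basic", RFC 7617).
    static final String CHALLENGE = "Basic realm=\"Customer\"";

    /** Returns {user, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        // Scheme name is case-insensitive; anything else is rejected.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Compares both fields in full, without stopping at the first mismatching byte. */
    static boolean matches(String[] creds, String user, String password) {
        if (creds == null) return false;
        boolean u = MessageDigest.isEqual(creds[0].getBytes(StandardCharsets.UTF_8),
                                          user.getBytes(StandardCharsets.UTF_8));
        boolean p = MessageDigest.isEqual(creds[1].getBytes(StandardCharsets.UTF_8),
                                          password.getBytes(StandardCharsets.UTF_8));
        return u & p; // non-short-circuit on purpose
    }

    public static void main(String[] args) {
        // Constructed sample headers; the credentials are the ones used in the post.
        String b64 = Base64.getEncoder()
                .encodeToString("MyName:MyPassword".getBytes(StandardCharsets.UTF_8));
        String[] labels  = { "valid", "lower-case scheme", "bad base64", "other scheme", "absent" };
        String[] headers = { "Basic " + b64, "basic " + b64, "Basic !!!", "FORM x", null };
        for (int i = 0; i < headers.length; i++) {
            boolean ok = matches(parse(headers[i]), "MyName", "MyPassword");
            System.out.println(labels[i] + " -> "
                    + (ok ? "200" : "401, WWW-Authenticate: " + CHALLENGE));
        }
    }
}
```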